Lucene search
K
ArchlinuxMost viewed

1854 matches found

ArchLinux
ArchLinux
•added 2019/11/01 12:0 a.m.•51 views

[ASA-201911-1] chromium: arbitrary code execution

Arch Linux Security Advisory ASA-201911-1 ========================================= Severity: Critical Date : 2019-11-01 CVE-ID : CVE-2019-13720 CVE-2019-13721 Package : chromium Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1058 Summary ======= The packag...

8.8CVSS1.7AI score0.72977EPSS
Exploits4References6
ArchLinux
ArchLinux
•added 2018/12/08 12:0 a.m.•51 views

[ASA-201812-7] lib32-openssl-1.0: private key recovery

Arch Linux Security Advisory ASA-201812-7 ========================================= Severity: Low Date : 2018-12-08 CVE-ID : CVE-2018-0734 CVE-2018-5407 Package : lib32-openssl-1.0 Type : private key recovery Remote : Yes Link : https://security.archlinux.org/AVG-806 Summary ======= The package...

5.9CVSS1AI score0.12154EPSS
Exploits4References8
ArchLinux
ArchLinux
•added 2017/09/18 12:0 a.m.•51 views

[ASA-201709-15] apache: information disclosure

Arch Linux Security Advisory ASA-201709-15 ========================================== Severity: High Date : 2017-09-18 CVE-ID : CVE-2017-9798 Package : apache Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-404 Summary ======= The package apache before version...

7.5CVSS0.3AI score0.94999EPSS
Exploits9References6
ArchLinux
ArchLinux
•added 2017/07/26 12:0 a.m.•51 views

[ASA-201707-27] lib32-expat: denial of service

Arch Linux Security Advisory ASA-201707-27 ========================================== Severity: Medium Date : 2017-07-26 CVE-ID : CVE-2016-9063 CVE-2017-9233 Package : lib32-expat Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-305 Summary ======= The package...

9.8CVSS1.4AI score0.09051EPSS
Exploits1References6
ArchLinux
ArchLinux
•added 2017/06/23 12:0 a.m.•51 views

[ASA-201706-30] linux-zen: privilege escalation

Arch Linux Security Advisory ASA-201706-30 ========================================== Severity: High Date : 2017-06-23 CVE-ID : CVE-2017-1000364 Package : linux-zen Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-324 Summary ======= The package linux-zen before...

7.4CVSS0.5AI score0.05186EPSS
Exploits3References4
ArchLinux
ArchLinux
•added 2017/04/21 12:0 a.m.•51 views

[ASA-201704-6] firefox: multiple issues

Arch Linux Security Advisory ASA-201704-6 ========================================= Severity: Critical Date : 2017-04-21 CVE-ID : CVE-2017-5429 CVE-2017-5430 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441...

9.8CVSS1.1AI score0.18756EPSS
Exploits27References108
ArchLinux
ArchLinux
•added 2017/03/12 12:0 a.m.•51 views

[ASA-201703-6] linux-lts: privilege escalation

Arch Linux Security Advisory ASA-201703-6 ========================================= Severity: High Date : 2017-03-12 CVE-ID : CVE-2017-2636 Package : linux-lts Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-200 Summary ======= The package linux-lts before versio...

7CVSS0.5AI score0.01021EPSS
Exploits2References5
ArchLinux
ArchLinux
•added 2017/02/22 12:0 a.m.•51 views

[ASA-201702-18] linux-zen: multiple issues

Arch Linux Security Advisory ASA-201702-18 ========================================== Severity: High Date : 2017-02-22 CVE-ID : CVE-2016-10088 CVE-2016-9588 CVE-2017-5986 CVE-2017-6074 Package : linux-zen Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-186 Summary...

7.8CVSS1.9AI score0.0596EPSS
Exploits13References9
ArchLinux
ArchLinux
•added 2017/01/27 12:0 a.m.•51 views

[ASA-201701-35] linux-lts: privilege escalation

Arch Linux Security Advisory ASA-201701-35 ========================================== Severity: Medium Date : 2017-01-27 CVE-ID : CVE-2017-2583 Package : linux-lts Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-150 Summary ======= The package linux-lts before...

8.4CVSS0.9AI score0.00582EPSS
Exploits0References4
ArchLinux
ArchLinux
•added 2016/10/21 12:0 a.m.•51 views

[ASA-201610-13] python-django: cross-site request forgery

Arch Linux Security Advisory ASA-201610-13 ========================================== Severity: Medium Date : 2016-10-21 CVE-ID : CVE-2016-7401 Package : python-django Type : cross-site request forgery Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package...

7.5CVSS2.2AI score0.0613EPSS
Exploits1References3
ArchLinux
ArchLinux
•added 2016/06/25 12:0 a.m.•51 views

xerces-c: arbitrary code execution

The DTDScanner fails to account for the fact that peeking characters in the XMLReader class can raise an exception if an invalid character is encountered, and the exception crosses stack frames in an unsafe way that causes a higher level exception handler to access an already-freed object...

10CVSS3.8AI score0.06781EPSS
Exploits0References4
ArchLinux
ArchLinux
•added 2016/05/06 12:0 a.m.•51 views

mercurial: arbitrary code execution

Mercurial prior to 3.8 allowed arbitrary code execution when using the convert extension on Git repos with hostile names. This could affect automated code conversion services that allow arbitrary repository names. This is a further side-effect of Git CVE-2015-7545. Reported and fixed by Blake...

6.8CVSS5.5AI score0.20144EPSS
Exploits0References4
ArchLinux
ArchLinux
•added 2016/03/12 12:0 a.m.•51 views

wireshark-gtk: denial of service

CVE-2016-2522: The dissectberconstrainedbitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service out-of-bounds read and application...

7.1CVSS4.7AI score0.03104EPSS
Exploits1References29
ArchLinux
ArchLinux
•added 2015/12/17 12:0 a.m.•51 views

ruby: unsafe tainted string usage

There is an unsafe tainted string vulnerability in Fiddle and DL. This issue was originally reported and fixed with CVE-2009-5147 in DL, but reappeared after DL was reimplemented using Fiddle and libffi...

6.9CVSS2AI score0.07766EPSS
Exploits1References2
ArchLinux
ArchLinux
•added 2015/10/23 12:0 a.m.•51 views

jre8-openjdk: multiple issues

CVE-2015-4734 information disclosure It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...

10CVSS2.6AI score0.13354EPSS
Exploits0References25
ArchLinux
ArchLinux
•added 2015/06/22 12:0 a.m.•51 views

curl: information leakage

CVE-2015-3236 lingering HTTP credentials in connection re-use: libcurl can wrongly send HTTP credentials when re-using connections. libcurl allows applications to set credentials for the upcoming transfer with HTTP Basic authentication, like with CURLOPTUSERPWD for example. Name and password...

6.4CVSS0.1AI score0.09334EPSS
Exploits0References4
ArchLinux
ArchLinux
•added 2015/04/18 12:0 a.m.•51 views

chromium: multiple issues

CVE-2015-1235 cross-origin bypass A vulnerability was discovered that allows cross-origin-bypass in the HTML parser. - CVE-2015-1236 cross-origin bypass A vulnerability was discovered that allows cross-origin-bypass in the rendering engine Blink. - CVE-2015-1237 arbitrary code execution An...

7.5CVSS1.7AI score0.02702EPSS
Exploits1References14
ArchLinux
ArchLinux
•added 2015/04/01 12:0 a.m.•51 views

firefox: multiple issues

CVE-2015-0801 same-origin bypass Mozilla developer Olli Pettay reported that while investigating Mozilla Foundation Security Advisory 2015-28, he and Mozilla developer Boris Zbarsky found an alternate way to trigger a similar vulnerability. The previously reported flaw used an issue with SVG...

7.5CVSS0.3AI score0.67268EPSS
Exploits4References24
ArchLinux
ArchLinux
•added 2015/03/20 12:0 a.m.•51 views

drupal: multiple issues

CVE-2015-2559 access bypass Password reset URLs can be forged under certain circumstances, allowing an attacker to gain access to another user's account without knowing the account's password. In Drupal 7, this vulnerability is mitigated by the fact that it can only be exploited on sites where...

3.5CVSS3.8AI score0.01635EPSS
Exploits0References3
ArchLinux
ArchLinux
•added 2015/02/03 12:0 a.m.•51 views

privoxy: denial of service

CVE-2015-1380 denial of service Denial of service issue was found in case of client requests with incorrect chunk-encoded body. When compiled with assertions enabled the default they could previously cause Privoxy to abort. - CVE-2015-1381 segmentation fault Multiple segmentation faults and...

5CVSS3.8AI score0.03397EPSS
Exploits0References4
ArchLinux
ArchLinux
•added 2015/01/28 12:0 a.m.•51 views

patch: multiple issues

CVE-2015-1196 directory traversal A directory traversal flaw was discovered that allows remote attackers to write to arbitrary files via a symlink attack in a patch file. This could allow an attacker to overwrite arbitrary files by applying a specially crafted patch, with the privileges of the...

4.3CVSS5AI score0.06096EPSS
Exploits1References5
ArchLinux
ArchLinux
•added 2015/01/14 12:0 a.m.•51 views

firefox: multiple issues

CVE-2014-8634 arbitrary remote code execution Christian Holler and Patrick McManus reported memory safety problems and crashes that affect Firefox ESR 31.3 and Firefox 34. - CVE-2014-8635 arbitrary remote code execution Christoph Diehl, Christian Holler, Gary Kwong, Jesse Ruderman, Byron Campen,...

7.5CVSS1.2AI score0.65657EPSS
Exploits4References10
ArchLinux
ArchLinux
•added 2014/12/12 12:0 a.m.•51 views

nvidia-304xx: arbitrary code execution

It was discovered that the NVIDIA graphics drivers incorrectly handled GLX indirect rendering support. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation...

7.5CVSS5.8AI score0.05192EPSS
Exploits0References4
ArchLinux
ArchLinux
•added 2014/12/09 12:0 a.m.•51 views

unbound: denial of service

The resolver can be tricked into following an endless series of delegations, this consumes a lot of resources. Resolvers fetch the content for domain names by sending queries to authority servers on the internet. One of the responses that authority servers can return is a referral response, which...

4.3CVSS2.9AI score0.25205EPSS
Exploits0References2
ArchLinux
ArchLinux
•added 2014/11/12 12:0 a.m.•51 views

mantisbt: arbitrary code execution and unrestricted access

CVE-2014-7146 arbitrary code execution When importing data with the plugin, user input passed through the "description" field and the "issuelink" attribute of the uploaded XML file isn't properly sanitized before being used in a call to the pregreplace function which uses the 'e' modifier. This...

7.5CVSS2.6AI score0.50561EPSS
Exploits8References7
ArchLinux
ArchLinux
•added 2014/09/24 12:0 a.m.•51 views

NSS: Signature forgery attack

Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services NSS libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is...

7.5CVSS2.9AI score0.1617EPSS
Exploits0References2
ArchLinux
ArchLinux
•added 2022/03/25 12:0 a.m.•50 views

[ASA-202203-1] postgresql: man-in-the-middle

Arch Linux Security Advisory ASA-202203-1 ========================================= Severity: High Date : 2022-03-25 CVE-ID : CVE-2021-23214 Package : postgresql Type : man-in-the-middle Remote : Yes Link : https://security.archlinux.org/AVG-2546 Summary ======= The package postgresql before...

5.1CVSS1AI score0.01901EPSS
Exploits0References4
ArchLinux
ArchLinux
•added 2020/11/10 12:0 a.m.•50 views

[ASA-202011-7] salt: multiple issues

Arch Linux Security Advisory ASA-202011-7 ========================================= Severity: Critical Date : 2020-11-10 CVE-ID : CVE-2020-16846 CVE-2020-17490 CVE-2020-25592 Package : salt Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1262 Summary ======= The...

9.8CVSS1.1AI score0.99585EPSS
Exploits5References7
ArchLinux
ArchLinux
•added 2020/09/26 12:0 a.m.•50 views

[ASA-202009-12] lib32-brotli: denial of service

Arch Linux Security Advisory ASA-202009-12 ========================================== Severity: Medium Date : 2020-09-26 CVE-ID : CVE-2020-8927 Package : lib32-brotli Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1231 Summary ======= The package lib32-brotli befo...

6.5CVSS1.8AI score0.03217EPSS
Exploits0References4
ArchLinux
ArchLinux
•added 2020/02/11 12:0 a.m.•50 views

[ASA-202002-5] firefox: multiple issues

Arch Linux Security Advisory ASA-202002-5 ========================================= Severity: Critical Date : 2020-02-11 CVE-ID : CVE-2020-6796 CVE-2020-6798 CVE-2020-6800 CVE-2020-6801 Package : firefox Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1096 Summary...

8.8CVSS0.2AI score0.02274EPSS
Exploits0References16
ArchLinux
ArchLinux
•added 2019/11/13 12:0 a.m.•50 views

[ASA-201911-14] intel-ucode: multiple issues

Arch Linux Security Advisory ASA-201911-14 ========================================== Severity: High Date : 2019-11-13 CVE-ID : CVE-2019-0117 CVE-2019-11135 CVE-2019-11139 Package : intel-ucode Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-1068 Summary ======= The...

6.5CVSS1.1AI score0.03133EPSS
Exploits0References8
ArchLinux
ArchLinux
•added 2017/10/19 12:0 a.m.•50 views

[ASA-201710-27] chromium: multiple issues

Arch Linux Security Advisory ASA-201710-27 ========================================== Severity: Critical Date : 2017-10-19 CVE-ID : CVE-2017-15386 CVE-2017-15387 CVE-2017-15388 CVE-2017-15389 CVE-2017-15390 CVE-2017-15391 CVE-2017-15392 CVE-2017-15393 CVE-2017-15394 CVE-2017-15395 CVE-2017-5124...

8.8CVSS0.2AI score0.05245EPSS
Exploits6References42
ArchLinux
ArchLinux
•added 2017/02/22 12:0 a.m.•50 views

[ASA-201702-17] linux: multiple issues

Arch Linux Security Advisory ASA-201702-17 ========================================== Severity: High Date : 2017-02-22 CVE-ID : CVE-2016-10088 CVE-2016-9588 CVE-2017-5986 CVE-2017-6074 Package : linux Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-178 Summary =======...

7.8CVSS1.7AI score0.0596EPSS
Exploits13References9
ArchLinux
ArchLinux
•added 2017/01/19 12:0 a.m.•50 views

[ASA-201701-28] php: multiple issues

Arch Linux Security Advisory ASA-201701-28 ========================================== Severity: High Date : 2017-01-19 CVE-ID : CVE-2016-9935 CVE-2016-9936 CVE-2017-5340 Package : php Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-105 Summary ======= The package php...

9.8CVSS3.4AI score0.1669EPSS
Exploits4References11
ArchLinux
ArchLinux
•added 2016/10/08 12:0 a.m.•50 views

[ASA-201610-7] wpa_supplicant: multiple issues

Arch Linux Security Advisory ASA-201610-7 ========================================= Severity: High Date : 2016-10-08 CVE-ID : CVE-2016-4476 CVE-2016-4477 Package : wpasupplicant Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package...

7.8CVSS1.2AI score0.02858EPSS
Exploits0References4
ArchLinux
ArchLinux
•added 2016/08/21 12:0 a.m.•50 views

libgcrypt: information disclosure

Felix Drre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and...

1.2AI score0.03597EPSS
Exploits0References2
ArchLinux
ArchLinux
•added 2016/08/05 12:0 a.m.•50 views

firefox: multiple issues

CVE-2016-0718 arbitrary code execution Out-of-bounds read during XML parsing in Expat library. - CVE-2016-2830 information disclosure Favicon network connection can persist when page is closed. - CVE-2016-2835 CVE-2016-2836 arbitrary code execution Mozilla developers and community members...

7.5CVSS0.9AI score0.13802EPSS
Exploits6References22
ArchLinux
ArchLinux
•added 2016/06/20 12:0 a.m.•50 views

wget: arbitrary file overwrite

GNU Wget when supplied with a malicious website link can be tricked into saving an arbitrary remote file supplied by an attacker, with arbitrary content and filename under the current directory. This can lead to potential code execution by creating system scripts such as .bashprofile and others...

4.3CVSS2.1AI score0.45935EPSS
Exploits8References3
ArchLinux
ArchLinux
•added 2016/03/24 12:0 a.m.•50 views

expat: arbitrary code execution

Multiple integer overflows in the XMLGetBuffer function in Expat through 2.1.0 allow remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716...

7.5CVSS8.2AI score0.19069EPSS
Exploits0References2
ArchLinux
ArchLinux
•added 2016/03/11 12:0 a.m.•50 views

flashplugin: arbitrary code execution

CVE-2016-0963 CVE-2016-0993 CVE-2016-1010 arbitrary code execution Integer overflow vulnerabilities that could lead to code execution. - CVE-2016-0987 CVE-2016-0988 CVE-2016-0990 CVE-2016-0991 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000...

10CVSS3.1AI score0.29839EPSS
Exploits14References24
ArchLinux
ArchLinux
•added 2015/10/30 12:0 a.m.•50 views

phpmyadmin: content spoofing

This vulnerability allows an attacker to perform a content spoofing attack using the phpMyAdmin's redirection mechanism to external sites. This vulnerability is not considered to be critical since the spoofed content is escaped and no HTML injection is possible...

5CVSS1.3AI score0.02624EPSS
Exploits0References2
ArchLinux
ArchLinux
•added 2015/09/03 12:0 a.m.•50 views

bind: denial of service

CVE-2015-5722 Parsing malformed keys may cause BIND to exit due to a failed assertion in buffer.c: Parsing a malformed DNSSEC key can cause a validating resolver to exit due to a failed assertion in buffer.c. It is possible for a remote attacker to deliberately trigger this condition, for example...

7.8CVSS4.2AI score0.33652EPSS
Exploits0References4
ArchLinux
ArchLinux
•added 2015/08/28 12:0 a.m.•50 views

firefox: multiple issues

CVE-2015-4497 use-after-free when resizing canvas element during restyling: Mozilla community member Jean-Max Reymond discovered a use-after-free vulnerability with a canvas element on a page. This occurs when a resize event is triggered in concert with style changes but the canvas references...

10CVSS0.6AI score0.08007EPSS
Exploits0References4
ArchLinux
ArchLinux
•added 2015/07/16 12:0 a.m.•50 views

lib32-flashplugin: arbitrary code execution

CVE-2015-5122 arbitrary code execution Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 AS3 implementation allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via crafted Flash content that leverages improper handling of...

10CVSS7.1AI score0.93688EPSS
Exploits5References3
ArchLinux
ArchLinux
•added 2015/06/10 12:0 a.m.•50 views

cups: multiple issues

CVE-2015-1158 arbitrary code execution, privilege escalation An issue with how localized strings are handled in cupsd allows a reference counter to over-decrement when handling certain print job request errors. As a result, an attacker can prematurely free an arbitrary string of global scope,...

10CVSS2.9AI score0.29913EPSS
Exploits9References4
ArchLinux
ArchLinux
•added 2015/05/15 12:0 a.m.•50 views

wireshark-gtk: denial of service

CVE-2015-3808 denial of service There is an infinite loop condition in dissectlbmrpser in epan/dissectors/packet-lbmr.c. It's possible for an attacker to set the the variable 'optionlen' to 0, causing the loop to never terminate. This issue is leading to excessive CPU resources consumption by...

7.8CVSS1.5AI score0.03731EPSS
Exploits0References9
ArchLinux
ArchLinux
•added 2015/04/24 12:0 a.m.•50 views

wpa_supplicant: arbitrary code execution

A vulnerability was found in how wpasupplicant uses SSID information parsed from management frames that create or update P2P peer entries e.g., Probe Response frame or number of P2P Public Action frames. SSID field has valid length range of 0-32 octets. However, it is transmitted in an element th...

5.8CVSS2.2AI score0.05228EPSS
Exploits0References3
ArchLinux
ArchLinux
•added 2015/04/17 12:0 a.m.•50 views

jre7-openjdk-headless: multiple issues

CVE-2005-1080 CVE-2015-0480 directory traversal A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. - CVE-2015-0460...

10CVSS3.4AI score0.07224EPSS
Exploits1References7
ArchLinux
ArchLinux
•added 2015/04/17 12:0 a.m.•50 views

jdk8-openjdk: multiple issues

CVE-2005-1080 CVE-2015-0480 directory traversal A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. - CVE-2015-0460...

10CVSS3.2AI score0.07224EPSS
Exploits1References8
ArchLinux
ArchLinux
•added 2015/01/23 12:0 a.m.•50 views

jre8-openjdk: multiple issues

CVE-2014-3566 man-in-the-middle Nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. - CVE-2014-6549 arbitrary code execution Incorrect class loader permission check in ClassLoader...

10CVSS6.8AI score0.99999EPSS
Exploits12References20
Total number of security vulnerabilities1854